Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/fGFvL7iFCymp6tNBCpzUukNy6QQ.roa
File: fGFvL7iFCymp6tNBCpzUukNy6QQ.roa (raw, json)
Hash identifier: UYD72++tcdTVo0C7wbumqyRvYlbS6T0d1x66LI22BNI=
Subject key identifier: 7C:61:6F:2F:B8:85:0B:29:A9:EA:D3:41:0A:9C:D4:BA:43:72:E9:04
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 019E921CA1298CF468D1337F2B8BDD99BE14
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/fGFvL7iFCymp6tNBCpzUukNy6QQ.roa
Signing time: Thu 04 Jun 2026 10:10:10 +0000
ROA not before: Thu 04 Jun 2026 10:10:10 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 40676
IP address blocks: 104.222.160.0/24 maxlen: 24
104.222.163.0/24 maxlen: 24
104.222.164.0/24 maxlen: 24
104.222.165.0/24 maxlen: 24
104.222.166.0/24 maxlen: 24
104.239.74.0/24 maxlen: 24
104.239.89.0/24 maxlen: 24
104.239.102.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 07 Jun 2026 01:01:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9e:92:1c:a1:29:8c:f4:68:d1:33:7f:2b:8b:dd:99:be:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Jun 4 10:10:10 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=7c616f2fb8850b29a9ead3410a9cd4ba4372e904
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:89:d1:f9:18:59:25:4c:1b:05:02:ac:c9:76:
3e:c3:b4:af:97:1f:23:01:c6:98:b4:1b:0c:ab:9b:
52:40:ab:88:eb:3b:50:da:d5:88:db:3b:ee:ee:21:
7a:05:8b:e6:57:49:6c:eb:09:33:aa:a4:5f:ff:ff:
15:a4:e7:ed:92:0d:65:c7:d3:e4:c0:da:3c:3d:60:
ee:7e:05:d0:95:fb:67:4b:98:36:5f:9f:5b:14:fa:
8b:17:40:a8:42:65:c2:f5:ec:ae:33:c5:23:ca:fb:
f9:64:ea:8e:40:3e:18:43:a5:3d:2d:66:3a:28:b4:
f3:01:0a:ad:1e:6b:c0:ff:74:8c:39:5c:84:67:d4:
48:e0:5a:36:b4:e2:e8:69:62:3d:1d:f0:a7:ce:01:
77:59:7c:c9:c3:60:f5:8b:2f:2f:4d:e6:1b:06:32:
1c:3e:2a:31:31:aa:56:b0:73:0d:d0:95:24:e8:68:
83:df:ec:17:1d:9f:29:82:7c:d0:f8:b3:a5:71:ec:
9f:54:d1:f0:b8:71:16:f2:41:25:19:ff:9e:95:55:
2f:f9:e0:b6:9a:10:a0:ef:c6:e7:30:1e:ed:68:a9:
6c:c1:01:6a:b2:ce:e6:d2:89:06:d4:d7:6f:f7:93:
18:32:1b:31:b5:ff:a7:7d:51:30:1e:6d:a2:03:0f:
dc:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:61:6F:2F:B8:85:0B:29:A9:EA:D3:41:0A:9C:D4:BA:43:72:E9:04
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/fGFvL7iFCymp6tNBCpzUukNy6QQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
104.222.160.0/24
104.222.163.0-104.222.166.255
104.239.74.0/24
104.239.89.0/24
104.239.102.0/24
Signature Algorithm: sha256WithRSAEncryption
9c:a4:63:1c:af:15:d8:75:3f:80:ed:ef:c6:51:e2:1c:18:e9:
77:3d:32:84:fb:14:cb:ae:94:6c:6c:bb:4e:60:81:a4:0d:b1:
c2:c7:59:23:13:30:4a:26:9a:53:b6:43:dc:eb:1c:9b:60:14:
79:ff:92:09:7d:75:69:a9:bc:83:91:6f:4e:93:e0:57:38:16:
11:02:df:43:ac:69:b1:3c:6d:f3:27:14:c6:e0:52:93:33:b1:
09:61:bd:5a:48:b6:b4:f7:00:47:a0:6a:73:d9:6f:8c:be:9c:
a1:d4:29:ac:95:53:04:43:4e:b2:66:d8:da:9e:e6:a4:c8:66:
6c:18:5b:bf:80:e3:8e:81:92:14:5f:0d:c8:67:5c:fe:0e:a8:
16:b1:fb:51:4b:6a:10:47:31:64:15:65:36:8a:f4:19:58:8b:
50:21:7e:39:d6:3d:32:1c:a1:6a:91:74:19:05:4c:3c:74:36:
0f:0c:e1:51:bb:25:00:88:a6:39:34:8a:17:fc:f4:40:b1:5c:
c7:b4:63:f1:3d:3c:01:95:17:f3:32:bf:9a:94:f5:27:f9:6e:
d6:ac:85:0b:cf:a0:cd:91:41:2c:0f:2c:47:d3:c2:55:46:3b:
89:79:60:82:42:0a:41:c2:db:02:c3:64:34:5f:34:9b:1d:16:
e1:b6:08:5a
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZ6SHKEpjPRo0TN/K4vdmb4UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwNjA0MTAxMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzYxNmYyZmI4ODUwYjI5YTllYWQzNDEwYTljZDRiYTQzNzJlOTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4nR+RhZJUwbBQKsyXY+w7Svlx8j
AcaYtBsMq5tSQKuI6ztQ2tWI2zvu7iF6BYvmV0ls6wkzqqRf//8VpOftkg1lx9Pk
wNo8PWDufgXQlftnS5g2X59bFPqLF0CoQmXC9eyuM8Ujyvv5ZOqOQD4YQ6U9LWY6
KLTzAQqtHmvA/3SMOVyEZ9RI4Fo2tOLoaWI9HfCnzgF3WXzJw2D1iy8vTeYbBjIc
PioxMapWsHMN0JUk6GiD3+wXHZ8pgnzQ+LOlceyfVNHwuHEW8kElGf+elVUv+eC2
mhCg78bnMB7taKlswQFqss7m0okG1Ndv95MYMhsxtf+nfVEwHm2iAw/cXwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFHxhby+4hQspqerTQQqc1LpDcukEMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvZkdGdkw3aUZDeW1wNnROQkNwelV1a055NlFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAaN6gMAwD
BABo3qMDBABo3qYDBABo70oDBABo71kDBABo72YwDQYJKoZIhvcNAQELBQADggEB
AJykYxyvFdh1P4Dt78ZR4hwY6Xc9MoT7FMuulGxsu05ggaQNscLHWSMTMEommlO2
Q9zrHJtgFHn/kgl9dWmpvIORb06T4Fc4FhEC30OsabE8bfMnFMbgUpMzsQlhvVpI
trT3AEeganPZb4y+nKHUKayVUwRDTrJm2Nqe5qTIZmwYW7+A446BkhRfDchnXP4O
qBax+1FLahBHMWQVZTaK9BlYi1AhfjnWPTIcoWqRdBkFTDx0Ng8M4VG7JQCIpjk0
ihf89ECxXMe0Y/E9PAGVF/Myv5qU9Sf5btashQvPoM2RQSwPLEfTwlVGO4l5YIJC
CkHC2wLDZDRfNJsdFuG2CFo=
-----END CERTIFICATE-----
Generated at Sat Jun 6 07:29:13 2026 by rpki-client